Cryptography-Digest Digest #421, Volume #14      Thu, 24 May 01 00:13:01 EDT

Contents:
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Combining functions for stream ciphers (Laura)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
  Re: Combining functions for stream ciphers (Nicol So)
  Re: The HDCP Semi Public-Key Algorithm (John Savard)
  Re: taking your PC in for repair? WARNING: What will they (Jim Turner)
  Re: survey (Nicol So)
  Re: Help with a message (Charles Lyttle)
  Re: Information hiding in digital TV some thoughts and experiments. (Ian Stirling)
  Re: Help with a message (JPeschel)
  Re: survey (David Wagner)
  Re: Great Free Encryption Software ("George Peters")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 24 May 2001 01:08:21 GMT

[EMAIL PROTECTED] (Tom St Denis) wrote in
<8IYO6.18605$[EMAIL PROTECTED]>: 

>
>"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> [EMAIL PROTECTED] (Tom St Denis) wrote in
>> <N2YO6.18269$[EMAIL PROTECTED]>:
>>
>>
>> >>    Well Tom I don't consider you competent. You're still lying.
>> >
>> >And you have poor grammar.    Wow pointless meanness is the funnest.
>>
>>     That's an understatement. I know my grammar sucks big time.
>>
>> >
>> >> I do consider many of those on comp.compression to be competent
>> >> but then again compression is easy to measure. You see if the
>> >> file gets shorter in length. Encryption is more of a black art
>> >> that those who really know don't want you to know.
>> >
>> >Um, that in itself seals your fate as a serious cryptographer.  I can
>> >make a cipher provably resistant to known attacks.  That's not hard.
>> >It's not much of a black art.  For example, any perfectly pair-wise
>> >decorrelated function is immune to differential and linear
>> >cryptanalysis.  That's not black art.
>>
>>     You see a few trees TOM but you don't see the forest.
>
>Um, like whatever.  Crypto is not a black art.  It's science + luck.  The
>luck is based on using Science.  Look at twofish for example.  It was
>designed with about 10 diff attacks in mind.  As a result a lot of new
>attacks don't seem to apply.  You can view that as lucky or as good use
>of applied science.

  It's a black art because of the many billions of dollars spent to
keep it that way. Tom I can only say TWOFISH did not win. Why
it did not win we can speculate. I think it was not very strong
or the NSA would never have let it make it to the end few ciphers.
But I could be wrong maybe it was good and maybe that's why it
didn't win.
  I don't consider it good science or luck. It may have been
constrained to the use of a short key from the very beginning
by the NSA. It's not beyond the realm of possibility that they
have discovered very important ways to break ciphers and it
may have been designed to be weak to these current secret forms
of attack. You don't know otherwise.

>
>> >> But even in this group I have respect for many. Such as
>> >> Onions Ritter Shaw Timmerman Tyler even Hopwood has my
>> >> respect. There are several others. You could have my respect
>> >> but I don't see you as an honest person. I do think you
>> >> could be some day since you are young. Yes I don't consider
>> >> Wagner very highly since he is not honest. It may not be
>> >> totally his fault. I have been to Berkeley several times
>> >> since my daughter went there. Fortunately she is a chip off
>> >> the ol block and got out of there in 3 years. But he will
>> >> not tell the truth about things he will make rash statements
>> >> about things like he did on SCOTT19U and then slink off.
>> >> That's not to say he does not know something about encryption.
>> >> I'm sure there are many areas he knows a great deal. I think
>> >> he could tell you if CTR or BICOM is more likely to be secure.
>> >> But I don't see him as honest enough to do that. Maybe he
>> >> is frustrated he could not get a job in the NSA since they take
>> >> the best.  Hell maybe he is in the NSA and is helping them to
>> >> mislead people I really don't know.
>> >
>> >What does Wagner lie about?  He tried to analyze your cipher, you bad
>> >mouthed him and he fled.  Seems like he just couldn't be bothered
>> >with ya. Maybe your daughter left Berkeley because she's stupid or
>> >can't afford it? Why must everything you do become the "right thing".
>>
>>    He never tried to analyze scott19u. He stated he looked at it
>> and that his SLIDE ATTACK made mince meat out of it. When someone
>> actually tested this and raised questions. He had to admit he never
>> really looked at it. She graduated jerk. She didn't get hooked on
>> the drugs that liberals seem to think necessary. I personally would
>> make drugs legal so the idiots could all OD on them.
>
>So what.  Scott Fluhrer said a SAC bias would break TC15, turned out his
>biases were wrong.  I didn't flame him as a result.

   Well three cheers for you. But you just did brag about it. I just
use stronger words.

>
>> >Funny in this post I don't see a proof for the security of BICOM....
>> >maybe I need to put my contacts back on..
>>
>>    Actually the proof that it was stronger was in other posts.
>
>Which ones.  Please send the url of the post (you can use deja.com to
>look it up).

   You look it up.

>
>> But I guess you only open your eyes when you feel like it.
>
>I, like others, must have missed it.  Please point us to it.
>

  Well who is "us" can't stand on your own two feet. Need to have
a group so you feel strong?

>> And you never answered the FACT that a one byte output file
>> from CTR mode (though you have no working program) would immediately
>> lead an attacker to realize that the input file could only have
>> come from 1 of 256 possible messages. With BICOM you have many
>> many more messages. That alone makes it more secure. Or do
>> you have the ability to even understand this fact. Both methods
>> use RIJNDAEL as the underlying model. One just does it in
>> a better way. As I pointed out above. I would rather confuse the
>> enemy with many possible messages than just 256 messages.
>>
>
>That's entirely BS. If the plaintext is uniformly distributed then CTR

   Well I see you can't answer the above, want to try again.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 24 May 2001 01:27:49 GMT


"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> >Um, like whatever.  Crypto is not a black art.  It's science + luck.  The
> >luck is based on using Science.  Look at twofish for example.  It was
> >designed with about 10 diff attacks in mind.  As a result a lot of new
> >attacks don't seem to apply.  You can view that as lucky or as good use
> >of applied science.
>
>   It's a black art because of the many billions of dollars spent to
> keep it that way. Tom I can only say TWOFISH did not win. Why
> it did not win we can speculate. I think it was not very strong
> or the NSA would never have let it make it to the end few ciphers.
> But I could be wrong maybe it was good and maybe that's why it
> didn't win.
>   I don't consider it good science or luck. It may have been
> constrained to the use of a short key from the very beginning
> by the NSA. It's not beyond the realm of possibility that they
> have discovered very important ways to break ciphers and it
> may have been designed to be weak to these current secret forms
> of attack. You don't know otherwise.

You're such a crank.  Twofish is still a good cipher just because it didn't
win.  And you say that it's not science or luck?  Did you read the Twofish
paper?

Why is a 256-bit key too short?  It's short compared to a trillion bit key
but that's not too short for security.

The problem with your arguments is that you never back them up.  You always
just hand wave and insult.  I am thinking of just ignoring your posts from
now on because this is very very frustrating.

> >Which ones.  Please send the url of the post (you can use deja.com to
> >look it up).
>
>    You look it up.

Um you want to prove it, that's your job.  I don't think you have ever sent
a serious post.  Perhaps I missed it.

>
> >
> >> But I guess you only open your eyes when you feel like it.
> >
> >I, like others, must have missed it.  Please point us to it.
> >
>
>   Well who is "us" can't stand on your own two feet. Need to have
> a group so you feel strong?

Well most people don't reply to ya because you are in their killfiles.  I am
trying to be nice by saying "dude prove your stuff".  You chose not to.
Perhaps I should populate my killfile.

> >> And you never answered the FACT that a one byte output file
> >> from CTR mode (though you have no working program) would immediately
> >> lead an attacker to realize that the input file could only have
> >> come from 1 of 256 possible messages. With BICOM you have many
> >> many more messages. That alone makes it more secure. Or do
> >> you have the ability to even understand this fact. Both methods
> >> use RIJNDAEL as the underlying model. One just does it in
> >> a better way. As I pointed out above. I would rather confuse the
> >> enemy with many possible messages than just 256 messages.
> >>
> >
> >That's entirely BS. If the plaintext is uniformly distributed then CTR
>
>    Well I see you can't answer the above, want to try again.

What the F#CK are you yacking about?  an 8-bit message can only map to 8-bit
outputs to be bijective (well not entirely).  CTR mode is just a bloody xor
of some random bits against a message.  How can that possibly be less secure
than BICOM?

Want me to write a program that uses the CTR mode?

Tom



------------------------------

From: [EMAIL PROTECTED] (Laura)
Subject: Combining functions for stream ciphers
Date: 23 May 2001 18:53:17 -0700

I am currently working on improving the ORYX stream cipher, but am
wondering how to adjust the combining function.  I want to make it
more complex, but not slow down the encryption process too much.  Does
anyone have any ideas?  (Currently, the outputs from the LFSR's are
combined using modular addition).

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 24 May 2001 01:41:47 GMT

[EMAIL PROTECTED] (Tom St Denis) wrote in
<psZO6.19345$[EMAIL PROTECTED]>: 

>Well most people don't reply to ya because you are in their killfiles. 
>I am trying to be nice by saying "dude prove your stuff".  You chose not
>to. Perhaps I should populate my killfile.
>

   Well you used to be in my kill file so two can play this game.

>> >> And you never answered the FACT that a one byte output file
>> >> from CTR mode (though you have no working program) would immediately
>> >> lead an attacker to realize that the input file could only have
>> >> come from 1 of 256 possible messages. With BICOM you have many
>> >> many more messages. That alone makes it more secure. Or do
>> >> you have the ability to even understand this fact. Both methods
>> >> use RIJNDAEL as the underlying model. One just does it in
>> >> a better way. As I pointed out above. I would rather confuse the
>> >> enemy with many possible messages than just 256 messages.
>> >>
>> >
>> >That's entirely BS. If the plaintext is uniformly distributed then CTR
>>
>>    Well I see you can't answer the above, want to try again.
>
>What the F#CK are you yacking about?  an 8-bit message can only map to
>8-bit outputs to be bijective (well not entirely).  CTR mode is just a
>bloody xor of some random bits against a message.  How can that possibly
>be less secure than BICOM?
>
>Want me to write a program that uses the CTR mode?

  Only if you're willing to look at what BICOM does. You
seem to only hand wave. You have never looked at it or
tested it.
  Yes CTR being less secure can only map one BYTE to one
BYTE. But bijective BICOM is not that weak. Why would
anybody want a one byte file to map to one byte when
it would mean there are only 256 possibilities for input
messages.
  If you encrypt one byte with BICOM you most likely will
get several bytes out. However if you did get one byte
out the input file could be far more than one byte. This
is because if the key is not known many many thousands of
different possible input files could have mapped to that
single one byte output file.
 


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!
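As an added illustration of the one-byte argument running through the three posts above (this is not code from either poster, and it is not BICOM, whose internals the thread does not describe): a CTR-mode encryptor in Python. HMAC-SHA256 over the nonce and counter stands in for Rijndael as the keystream block function, an assumption made because the standard library has no AES; the CTR structure itself is unchanged. It shows that CTR preserves length exactly, so decrypting a one-byte ciphertext under any number of keys can never produce more than the 256 one-byte candidates. The key, nonce and message are constructed for the demonstration.

```python
import hashlib
import hmac
import os

BLOCK_LEN = 16  # keystream bytes per counter value, as for a 128-bit block cipher


def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    """Stand-in for E_K(nonce || counter) (assumption: HMAC-SHA256 replaces Rijndael here)."""
    return hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK_LEN]


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR mode: XOR the data with successive keystream blocks.

    Encryption and decryption are the same operation, and the output has
    exactly the length of the input: one byte in gives one byte out."""
    out = bytearray()
    for offset in range(0, len(data), BLOCK_LEN):
        stream = keystream_block(key, nonce, offset // BLOCK_LEN)
        out.extend(d ^ s for d, s in zip(data[offset:offset + BLOCK_LEN], stream))
    return bytes(out)


def plaintexts_consistent_with(ciphertext: bytes, nonce: bytes, trial_keys) -> set:
    """Decrypt under every trial key and collect the distinct plaintexts obtained.

    Every candidate has len(ciphertext) bytes, so however many keys are tried
    the set is bounded by 256 ** len(ciphertext) members."""
    return {ctr_crypt(k, nonce, ciphertext) for k in trial_keys}


def one_byte_candidate_count(num_keys: int = 4096) -> int:
    """Encrypt one constructed byte, then count the distinct plaintexts that the
    one-byte ciphertext decrypts to across `num_keys` random keys (at most 256)."""
    nonce = b"\x00" * 8                                   # constructed nonce
    ciphertext = ctr_crypt(os.urandom(32), nonce, b"A")   # one byte in
    assert len(ciphertext) == 1                            # one byte out
    trial_keys = (os.urandom(32) for _ in range(num_keys))
    return len(plaintexts_consistent_with(ciphertext, nonce, trial_keys))


if __name__ == "__main__":
    print("distinct one-byte plaintexts reachable from a one-byte ciphertext:",
          one_byte_candidate_count())
```

With 4096 random keys the count comes out at 256: the ciphertext length fixes the plaintext length, and that length is the one thing a length-preserving mode reveals about the message. Padding messages to a fixed size before encryption is the usual way to stop that leak when it matters.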


------------------------------

From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: Combining functions for stream ciphers
Date: Wed, 23 May 2001 22:18:10 -0400
Reply-To: see.signature

Laura wrote:
> 
> I am currently working on improving the ORYX stream cipher, but am
> wondering how to adjust the combining function.  I want to make it
> more complex, but not slow down the encryption process too much.  Does
> anyone have any ideas?  (Currently, the outputs from the LFSR's are
> combined using modular addition).

Is there a reason why you want to focus on the combining function?

-- 
Nicol So, CISSP // paranoid 'at' engineer 'dot' com
Disclaimer: Views expressed here are casual comments and should
not be relied upon as the basis for decisions of consequence.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: The HDCP Semi Public-Key Algorithm
Date: Thu, 24 May 2001 02:33:42 GMT

On Wed, 23 May 2001 11:03:42 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:

>In addition to the XOR mask, a bit more disguise is possible. Instead
>of the 8 cyclic permutations, a commuting family with 15 elements can
>be produced:

>1 2 3 4 5 6 7 8
>2 3 4 5 1 7 8 6
>3 4 5 1 2 8 6 7
>...

>by using disjoint subcycles, and the elements being permuted don't
>have to be in order either.

>Still, the disguise is awfully thin. Perhaps I've missed something.

Since the subcycles are disjoint, a different XOR mask can be used for
each one. The mask can be completely arbitrary for those subcycles
containing an even number of the numbers from 1 to 20. The masks for
the subcycles with an odd number of those numbers, though, must XOR
together to zero. (There will, of course, be an even number of such
subcycles.)

John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm
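An added check, not code from the post: constructing the permutation family described above from its two disjoint cycles and verifying in Python that it has 15 elements, is closed under composition, and commutes. Positions are 0-based in the code, so the post's row "2 3 4 5 1 7 8 6" appears as the tuple (1, 2, 3, 4, 0, 6, 7, 5); the program prints the rows 1-based to match the post.

```python
from itertools import product


def compose(p: tuple, q: tuple) -> tuple:
    """Apply q first, then p; a permutation is a tuple mapping position i to p[i] (0-based)."""
    return tuple(p[q[i]] for i in range(len(q)))


def identity(n: int) -> tuple:
    return tuple(range(n))


def from_cycles(n: int, cycles: list) -> tuple:
    """Permutation of range(n) assembled from disjoint cycles of 0-based positions."""
    perm = list(range(n))
    for cyc in cycles:
        for a, b in zip(cyc, cyc[1:] + cyc[:1]):
            perm[a] = b
    return tuple(perm)


def generated_family(g: tuple) -> list:
    """All distinct powers of g: identity, g, g^2, ... until the identity recurs."""
    family = [identity(len(g))]
    current = g
    while current != family[0]:
        family.append(current)
        current = compose(g, current)
    return family


def is_commuting_and_closed(family: list) -> bool:
    """True if every pair of members commutes and every product is again a member."""
    members = set(family)
    return all(compose(a, b) == compose(b, a) and compose(a, b) in members
               for a, b in product(family, repeat=2))


# The post's generator "2 3 4 5 1 7 8 6": a 5-cycle on positions 1..5 and a
# 3-cycle on 6..8 (0-based here), whose orders 5 and 3 combine to lcm 15.
GENERATOR = from_cycles(8, [[0, 1, 2, 3, 4], [5, 6, 7]])
FAMILY = generated_family(GENERATOR)

if __name__ == "__main__":
    for member in FAMILY:
        print(" ".join(str(x + 1) for x in member))   # rows printed 1-based, as in the post
    print(len(FAMILY), "elements; commuting and closed:", is_commuting_and_closed(FAMILY))
```

The eight cyclic shifts of the post's first construction are `generated_family(from_cycles(8, [list(range(8))]))`; splitting the positions into cycles of coprime lengths is what raises the count to 15, and the family stays commutative because every member is a power of the same generator.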

------------------------------

From: [EMAIL PROTECTED] (Jim Turner)
Crossposted-To: alt.privacy,alt.privacy.anon-server
Subject: Re: taking your PC in for repair? WARNING: What will they
Reply-To: [EMAIL PROTECTED]
Date: Thu, 24 May 2001 02:36:16 GMT

Doesn't have to be written in C, but C is a good tool for the job as
it allows low level access very easily. It is the language of choice
for many open source projects. The free/open source programs I have
found that do security erase, etc. are written in C/C++. There are
also many free C/C++ compilers and systems out there. (There are also other
good free compilers like DEV Pascal, perl, python, etc.), but Visual
Basic is not free. Mostly a matter of finding a good tool at the right
price that is widely used.


JT

On Wed, 23 May 2001 20:03:22 GMT, Darren New <[EMAIL PROTECTED]> wrote:

>Jim Turner wrote:
>> Two others to look at are LCC, which has a decent IDE, and MINGW,
>> which is based on GNU but uses standard windows DLLs instead of a unix
>> emulation DLL. There is also the DEV-C++ package which adds an IDE to
>> MINGW or Cygwin.
>
>Does it really need to be written in C?
>
>-- 
>Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
>       San Diego, CA, USA (PST).  Cryptokeys on demand.
>     This is top-quality raw fish, the Rolls-Rice of Sushi!


------------------------------

From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: survey
Date: Wed, 23 May 2001 22:41:00 -0400
Reply-To: see.signature

"Douglas A. Gwyn" wrote:
> 
> Mok-Kong Shen wrote:
> > Would you please explain a bit on the meaning of 'stream
> > ciphers that are not of the key-generator class'?
> 
> Basically, there is no subsystem that generates a
> plaintext-independent key which is then combined
> with the plaintext in a totally separate subsystem.
> 
> Note that when I phrase it that way, it is evident
> what some weaknesses might be in key-generator
> based systems.

Non-key-generator type stream ciphers are not really an unfamiliar
concept. DES CBC and CFB are two (familiar) examples. It would not be
difficult to come up with additional schemes that convert a block cipher
into a non-KG type stream cipher. What would be an interesting design
problem is to create a stream cipher (not of the KG type) that is:
simple, very fast, implementable with a small number of gates, and with
well-understood security properties. I think the first three together
pretty much mean one should look beyond schemes that use a block cipher
as a building block.

-- 
Nicol So, CISSP // paranoid 'at' engineer 'dot' com
Disclaimer: Views expressed here are casual comments and should
not be relied upon as the basis for decisions of consequence.
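An added example, not code from either poster: 8-bit CFB, one of the non-key-generator stream ciphers named above, beside CTR as a key-generator-type mode, so that the distinction Gwyn draws (a plaintext-independent keystream, combined with the data in a separate step) is visible in code. HMAC-SHA256 truncated to a DES-sized block stands in for the block cipher E_K, an assumption made because the standard library has none; the key, IV and message are constructed.

```python
import hashlib
import hmac

BLOCK_LEN = 8  # DES-sized block, in bytes


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_K(block) (assumption: HMAC-SHA256 truncated to the block size)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK_LEN]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """8-bit CFB (non-key-generator type): the keystream byte at position i is
    E_K of the previous BLOCK_LEN ciphertext bytes, so it depends on the data."""
    shift, out = bytearray(iv), bytearray()
    for p in plaintext:
        c = p ^ block_encrypt(key, bytes(shift))[0]
        out.append(c)
        shift = shift[1:] + bytes([c])
    return bytes(out)


def cfb8_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Inverse of cfb8_encrypt; the shift register is fed ciphertext on both sides."""
    shift, out = bytearray(iv), bytearray()
    for c in ciphertext:
        out.append(c ^ block_encrypt(key, bytes(shift))[0])
        shift = shift[1:] + bytes([c])
    return bytes(out)


def ctr_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Key-generator type, for contrast: keystream byte i is E_K(iv || i),
    produced with no reference to the data and XORed in as a separate step."""
    return bytes(d ^ block_encrypt(key, iv + i.to_bytes(4, "big"))[0]
                 for i, d in enumerate(data))


def differing_positions(a: bytes, b: bytes) -> list:
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def plaintext_change_spread(encrypt, key, iv, msg, pos) -> list:
    """Ciphertext positions that change when one plaintext bit at `pos` is flipped."""
    altered = bytearray(msg)
    altered[pos] ^= 0x01
    return differing_positions(encrypt(key, iv, msg), encrypt(key, iv, bytes(altered)))


def ciphertext_error_spread(encrypt, decrypt, key, iv, msg, pos) -> list:
    """Plaintext positions recovered wrongly when one ciphertext bit at `pos` is flipped."""
    damaged = bytearray(encrypt(key, iv, msg))
    damaged[pos] ^= 0x01
    return differing_positions(msg, decrypt(key, iv, bytes(damaged)))


# Constructed key, IV and message for the demonstration.
KEY = b"constructed-key!"
IV = b"\x01" * BLOCK_LEN
MSG = b"The quick brown fox jumps over the lazy dog"

if __name__ == "__main__":
    print("CTR, plaintext bit flipped: ", plaintext_change_spread(ctr_crypt, KEY, IV, MSG, 3))
    print("CFB, plaintext bit flipped: ", plaintext_change_spread(cfb8_encrypt, KEY, IV, MSG, 3))
    print("CTR, ciphertext bit flipped:", ciphertext_error_spread(ctr_crypt, ctr_crypt, KEY, IV, MSG, 3))
    print("CFB, ciphertext bit flipped:", ciphertext_error_spread(cfb8_encrypt, cfb8_decrypt, KEY, IV, MSG, 3))
```

Under CTR a flipped plaintext bit moves exactly one ciphertext byte and a flipped ciphertext bit corrupts exactly one recovered byte. Under CFB-8 a plaintext change propagates through all of the following ciphertext, while a ciphertext error spoils at most BLOCK_LEN + 1 recovered bytes before the register flushes it out (the self-synchronizing property). That data dependence is what a key-generator design lacks, which is also why a CTR keystream must never be reused under the same key and IV.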

------------------------------

From: Charles Lyttle <[EMAIL PROTECTED]>
Subject: Re: Help with a message
Date: Thu, 24 May 2001 03:16:39 GMT

"Douglas A. Gwyn" wrote:
> 
> Amethyste wrote:
> > IC1 = 0.069
> > IC2 = 0.054
> > IC3 = 0.064
> 
> I have to object to this.  A proper Index of Coincidence
> is the ratio of the observed number of coincidences to the
> expected number of coincidences, and therefore is somewhere
> around 1.  I know there are textbooks that misdefine this,
> but it is important to have a standard unit of scale (1)
> in order to interpret the statistic.
AFAIK, you can do it either way, at your convenience. However, I took
out all occurrences of 'Z' and then looked for matching substrings
and came up with probable key lengths of 3,5,9,15. So 3 isn't a bad
guess at a key length. Thus if "JPJ" is "THE" the cypher is solved. I'll
write some scripts to complete the solution, but probably not tonight.
-- 
Russ Lyttle
"World Domination through Penguin Power"
The Universal Automotive Testset Project at
<http://home.earthlink.net/~lyttlec>

------------------------------

From: Ian Stirling <[EMAIL PROTECTED]>
Subject: Re: Information hiding in digital TV some thoughts and experiments.
Date: Thu, 24 May 2001 03:18:27 GMT

Jan Panteltje <[EMAIL PROTECTED]> wrote:
>Digital TV transmissions are now common in Europe.
>With a small dish one can receive 400 or more stations, some encrypted, some
>not.
>Recently I have been involved with processing this digital information,
>in my case mainly to write software that allows one to add / edit subtitles to
>existing programs.
>In experimenting I discovered the digital transport stream as used in DTV is a
>place with a vast potential to hide any info you like in any way you like,
>with a huge bandwidth too.

>For example small changes (say the last few bits) in the PTS (presentation
>time stamp, used in PES (program elementary stream) packets) (and perhaps even

This is the barest fraction of the possibilities.
For example, the receivers have to cope with maybe (guessing) 1/10th of
the raw bits being in error, and do error correction before recovering
the MPEG stream.

If 1% of the bits sent are instead not errors, but an encrypted datastream,
then even sending live video streams is possible. 

-- 
http://inquisitor.i.am/    |  mailto:[EMAIL PROTECTED] |             Ian Stirling.
===========================+=========================+==========================
The fight between good and evil, an epic battle. Darth vader and Luke, 
suddenly in the middle of the fight, Darth pulls Luke to him, and whispers
"I know what you're getting for christmas!" Luke exclaims "But how ??!?"
"It's true Luke, I know what you're getting for christmas" Luke tries to ignore
this, but wrenches himself free, yelling "How could you know this?", 
Vader replies "I felt your presents"  -- The Chris Evans breakfast show ca. 94

------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Date: 24 May 2001 03:25:18 GMT
Subject: Re: Help with a message

Douglas A. Gwyn [EMAIL PROTECTED] writes:

>Robert Reynard wrote:
>> I don't think so. I don't think William Friedman defined it that way
>either.
>
>He did eventually, because it removes a contextual factor from
>the interpretation.

Where? When?
>
>> According to the Encyclopedia of Cryptology, the Index of Coincidence (IC)
>> for a random mixture of letters is 0.0385 and the IC for a typical
>> plaintext message is 0.0667.
>
>That's a mistake.  Those are the "kappa" values.
>

If it is a mistake, then Sinkov and others have it wrong, too.

>> Expectation of occurrences, or coincidences, plays no part in the
>> definition or calculation.
>
>That's why that is not an Index of Coincidence.
>The word "index" connotes comparison against a norm.

You connote too much: an index can be just a ratio.

>The definitive treatment of this is in Mountjoy's article on the
>"bar" statistics in an old issue of NSATJ, unfortunately not yet
>declassified (so far as I know).  That would be a useful paper for
>an FOIA request.

That doesn't sound like enough information to make an FOIA request.
Do you have more?

Joe

__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________
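An added example, not from any of the posters: both conventions for the index of coincidence argued over in this thread and in Charles Lyttle's reply, computed on the same text, together with the matching-substring distance test he describes. The sample sentence and the three-letter Vigenère key used to produce a periodic ciphertext are constructed; the 0.0385 and 0.0667 reference values are the ones quoted in the thread.

```python
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def letters_only(text: str) -> str:
    return "".join(c for c in text.upper() if c in ALPHABET)


def kappa(text: str) -> float:
    """Raw coincidence rate: the chance that two letters drawn from the text match.
    The thread's quoted reference values are 0.0385 for random letters (1/26)
    and about 0.0667 for English plaintext."""
    counts = Counter(letters_only(text))
    n = sum(counts.values())
    if n < 2:
        return 0.0
    return sum(f * (f - 1) for f in counts.values()) / (n * (n - 1))


def index_of_coincidence(text: str, expected_rate: float = 1 / 26) -> float:
    """Normalized form: observed coincidences over the number expected for random
    letters, so random text scores about 1 and English about 0.0667 / 0.0385 = 1.73."""
    return kappa(text) / expected_rate


def repeated_substring_distances(text: str, length: int = 3) -> list:
    """Distance from each repeated substring of `length` letters to its previous occurrence."""
    text = letters_only(text)
    last_seen, distances = {}, []
    for i in range(len(text) - length + 1):
        sub = text[i:i + length]
        if sub in last_seen:
            distances.append(i - last_seen[sub])
        last_seen[sub] = i
    return distances


def candidate_key_lengths(text: str, length: int = 3, max_len: int = 20) -> list:
    """Kasiski-style candidates: key lengths dividing more than half of the repeat distances.
    As with the 3, 5, 9, 15 in the reply above, several divisors usually survive."""
    distances = repeated_substring_distances(text, length)
    return sorted(k for k in range(2, max_len + 1)
                  if distances and 2 * sum(1 for d in distances if d % k == 0) > len(distances))


def vigenere(plaintext: str, key: str) -> str:
    """Vigenere encryption of an uppercase-letter string, used only to build a periodic sample."""
    return "".join(ALPHABET[(ALPHABET.index(c) + ALPHABET.index(key[i % len(key)])) % 26]
                   for i, c in enumerate(plaintext))


# Constructed sample: an English sentence repeated, enciphered under a 3-letter key.
SENTENCE = "SENDREINFORCEMENTSTOTHEEASTERNGATEBEFORETHEENEMYRETURNSTOTHERIVER"
SAMPLE_PLAIN = SENTENCE * 4
SAMPLE_CIPHER = vigenere(SAMPLE_PLAIN, "KEY")

if __name__ == "__main__":
    for label, text in (("plaintext", SAMPLE_PLAIN), ("ciphertext", SAMPLE_CIPHER)):
        print(f"{label}: kappa={kappa(text):.4f}  IC={index_of_coincidence(text):.2f}")
    print("candidate key lengths:", candidate_key_lengths(SAMPLE_CIPHER))
```

The two functions report the same measurement on different scales: `kappa` is the figure the Encyclopedia of Cryptology quotes, `index_of_coincidence` is Gwyn's ratio against the random-text expectation. Either way the polyalphabetic ciphertext scores lower than its plaintext, and the repeat distances point at the key length together with its other divisors.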


------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: survey
Date: 24 May 2001 03:34:49 GMT

Nicol So  wrote:
>What would be an interesting design
>problem is to create a stream cipher (not of the KG type) that is:
>simple, very fast, implementable with a small number of gates, and with
>well-understood security properties.

Yes indeed!  If one leaves out the fourth requirement,
A5 (or a variant with register lengths tripled or so)
looks quite interesting.  It seems to be an interesting
challenge to find a cipher that can be implemented with
anywhere near as few gates as A5.

------------------------------

From: "George Peters" <[EMAIL PROTECTED]>
Subject: Re: Great Free Encryption Software
Date: Wed, 23 May 2001 22:31:33 -0500

Wow!  Nothing like good old DOS commands.  Talk about cutting edge
technology.  I guess these guys haven't heard about OOP yet.
I do have to point out at least their documentation is pretty good about
concepts in cryptography, as far as public key is concerned.

"Charles Blair" <[EMAIL PROTECTED]> wrote in message
news:0wYO6.7205$[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
>
> >[EMAIL PROTECTED] (Charles Blair) wrote in
> ><3_WO6.7196$[EMAIL PROTECTED]>:
>
> >>   Just in case somebody is not aware of it, gnu privacy
> >>guard (www.gpg.org) is a freely available (including
> >>source) public key system and related stuff.  Version
> >>1.0.5 has just been released.
> >>
>
> >  It's bad enough that they won't fix the errors or allow
> >a strong version but the URL you gave does not work.
>
>    Very sorry!  The URL is www.gnupg.org.  My mistake!
>
>    I am not part of the gnupg project, and am not competent
> to discuss technical problems.  They have publicly acknowledged
> a flaw with something related to verification.



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
